SESSION TRACKING METHOD FOR WEB-BASED APPLICATION 

Background of the Invention 

This invention is directed to a system and method for tracking sessions for web-based 
applications. More particularly, this invention is directed to a system and method for terminating 
sessions for web-based applications. 

Web-based applications are accessed by client users using web browsers, which access a 
web server and create a session. The session is stored on the server side and the web server 
tracks the session, which belongs to each client. The session can be associated with data 
generated from requests from the browser. 

Generally, the web server destroys a session when the session times out. The session 
time out can be set to a variable length. If a session has not been accessed for a certain period of 
time, the server closes the session to reclaim resources. Even after a user closes the browser 
application, the particular session will not expire until the timeout has been reached. If the 
timeout is set to one hundred twenty minutes, and if the user closes the browser five minutes 
after starting, the server will keep the session active unnecessarily for another one hundred 
fifteen minutes. This becomes a serious disadvantage, especially in an embedded server 
environment with a small memory and small workspaces. The server may keep the memory 
allocated even after the session is no longer in use. 

Another problem is the limit on the number of allowable concurrent sessions. In the 
embedded server environment, the web server may keep tracking the active number of sessions 
to limit their usage. Even after a user closes his browser and is no longer browsing the web site, 
the web server keeps the session in memory until the session is timed out. Therefore, even if the 
number of sessions actually in use has not reached the maximum, once the number of sessions in 
memory is at the maximum, the system will deny a new user access until sufficient resources have 
been freed. 

An additional problem involves session-based file locking systems. If the web server 
uses a session-based file locking system, the file may be locked and is not available to others 
until the session is timed out, even if the user closes the browser before the timeout period. 

Another problem is when a user does not close the browser, but moves away from the 
web site to another web site. In this situation, the session should be terminated, not only for the 
reasons described above, but also for security reasons. A user logged in as administrator or a 
private user can access secured or private pages. When this user moves away from such a site, 
the session should be terminated so that another login is required when the user returns to such 
site. 

There is a need for a system and method for tracking sessions for web-based applications 
which terminates the session in response to selected actions by the user and provides increased 
security for secure or private web pages. 

Summary of the Invention 

In accordance with the present invention, there is provided a system and method for 
tracking sessions for web-based applications which terminates the session in response to selected 
actions by the user. 

Further, in accordance with the present invention, there is provided a system and method 
for tracking sessions for web-based applications which provides increased security for secure or 
private web pages. 

Further, in accordance with the present invention, there is provided a system for tracking 
sessions for web-based applications comprising a browser disposed on an associated data 
terminal and having at least one browser window associated therewith. The browser is adapted 
to generate at least one interactive session with an associated web server. The system also 
includes at least one session tracking application associated with an interactive session. The 
session tracking application includes monitoring means adapted for monitoring activity on the 
associated interactive session and testing means adapted for determining whether monitored 
activity includes an unload event. The session tracking application also includes termination 
means adapted for terminating the associated interactive session upon a determination of a 
selected unload event and notification means adapted for notifying the associated web server to 
close out the interactive session. 

In a preferred embodiment, the testing means includes counting means adapted for 
determining the number of browser windows associated with the at least one interactive session. 
Preferably, the number of browser windows associated with at least one interactive session is 
stored in associated memory or other suitable data storage means. In another preferred 
embodiment, the testing means includes means adapted for testing at least one of a browser 
refresh, browser close, migration from a selected web site, opening of an additional web site by a 
browser window associated with the interactive session, and session timeout. 

Still further, in accordance with the present invention, there is provided a method for 
tracking sessions for web-based applications comprising the steps of generating at least one 
interactive session with an associated web server, wherein the interactive session is generated via 
a browser disposed on an associated data terminal and having at least one browser window 
associated therewith, monitoring activity on the interactive session, and determining whether 
monitored activity includes an unload event. The method also comprises the steps of terminating 
the interactive session upon a determination of a selected unload event and notifying the 
associated web server to close out the interactive session. 

In a preferred embodiment, the method further includes the step of determining the 
number of browser windows associated with the at least one interactive session. Preferably, the 
number of browser windows associated with at least one interactive session is stored in 
associated memory means. In another preferred embodiment, the step of determining the 
monitored activity includes determining whether the activity is at least one of a browser refresh, 
browser close, migration from a selected web site, opening of an additional web site by a 
browser window associated with the interactive session, and session timeout. 

These and other aspects, advantages, and features of the invention will be apparent to one 
skilled in the art upon reading and understanding the specification. 

Brief Description of the Drawings 

Figure 1 is a block diagram depicting an exemplary network configured to deploy 
the method and implementation of the present invention; and 

Figure 2 is a flow chart depicting the steps associated with tracking sessions for 
web-based applications in accordance with the present invention. 

Detailed Description of the Preferred Embodiments 

This invention is directed to a system and method for tracking sessions for 
web-based applications, particularly for terminating sessions for web-based applications. This 
invention uses a background window or application and a session tracking application to 
track and terminate sessions. A request is sent to an associated web server to terminate 
the session when a browser receives a browser close request or migration to another web 
site request only if one browser is using the session. The session tracking application 
monitors session identification information and the number of browsers using the same 
session, stores the information in a session table in memory, and periodically updates the 
information. The invention prevents the session from being destroyed when a user closes 
one of the browser windows that share the same session. 

A suitable network 100 is shown in Figure 1 for deploying the method and 
implementation of the present invention. One or more client machines, as illustrated with 
three machines 102, 104, and 106, send session requests 108 which are received and 
responded to by a controller 110 on the network. A suitable client machine is any suitable 
networked computer or data terminal as will be appreciated by one of ordinary skill in the 
art. Each client machine includes a browser (not shown) which is used to access the web 
server to initiate a session. The browser is any suitable browser program known in the 
art, such as Internet Explorer, Netscape Navigator, or Mozilla. The controller 110 
governs access to the web server 112 that serves the requests received from the users. 
Each client suitably has multiple sessions 102a, 102b, 104a, and 104b. The controller 
includes a session tracking application 114 for monitoring the activity of the sessions and 
terminating the sessions in the event of certain actions or activities by the user. 

The session tracking application also monitors the number of browser windows 
associated with each session. Each session has a unique session identification associated 
with the session, which is stored in a session table or database in a storage medium or 
memory 116. The number of browser windows active for each session is associated 
with the session identification and also stored in the storage medium. 

Figure 2 illustrates a flow chart 200 of the method according to the present 
invention. At 202, an associated user uses the browser on the client machine to open a 
browser window to access the web server to initiate a session. At 204, the web server 
receives the request and creates a new session. The session tracking application is then 
activated at 206 to track the session if this is the first time the user accessed the web site. 
If the user has already accessed the web site from another browser window, then the 
session tracking application was activated when the first browser window was opened. 

The session tracking application determines if this is a new session for this web site 
or if another browser window has accessed the web site. If it is determined that this is 
a new session, then the session identification information is generated to identify the 
session by any suitable means. A counting means associates a counter with the session 
identification information by any suitable means and the counter is set to one to show that 
one browser is associated with the session. The session identification and the counter are 
stored in the session table in the storage medium. If it is determined that this is not a new 
session, but that the web site has already been accessed from another browser window, 
the counter for the session is incremented by one for this additional browser by any 
suitable means. The session identification and the updated counter information are stored 
in the session table in the storage medium. 

Flow then progresses to 208 wherein the browser receives an unload event request. 
Unload events include, but are not limited to, browser refresh, browser close, and 
migration from a selected web site. At 210, a background or hidden window or 
application is opened to determine the type of unload event received. At 212, a 
determination is made if the unload event request is a browser close or a migration from a 
selected web site request. 

If the unload event is not such an event, the unload event request is a browser refresh 
request as shown at 214. The hidden window is closed and flow returns to 208, wherein 
the system waits for another unload event request to be received. 

If the unload event is a browser close request or a migration from a selected web 
site request, flow proceeds to 216 wherein a determination is made as to whether another 
browser window is using the same session. If it is determined that another browser 
window is using the same session, flow progresses to 218. The session is not terminated 
and the hidden window is closed. The counter decreases the number of browsers 
associated with the interactive session upon the browser close action or migration from a 
web site by one of the browser windows associated with the interactive session by any 
suitable means. The updated counter information is stored in the session table in the 
storage medium. Flow returns to 208, wherein the system waits for another unload event 
request to be received. 

If it is determined that another browser is not using the same session, flow 
proceeds to 220, wherein the session tracking application sends a request to the web 
server to invalidate the session. Once the system receives the request, the server frees up 
the memory and the workspace allocated for the session as shown in 222 and the method 
terminates at 224. 

In the event the session continues until the timeout period is reached, the browser 
sends a request to the server (not shown). The server determines if the session is invalid 
due to the timeout. If the session is invalid due to the timeout, the server frees up the 
memory and the workspace allocated for the session. 
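
The window counting, unload handling, and timeout fallback described above, as an added 
JavaScript example; it is not code from the patent. The SessionTable class, its method names, 
and the event strings 'refresh', 'close' and 'migrate' are assumptions made for illustration. 

```javascript
// Added example, not from the patent. All names and event strings are hypothetical.
const { randomBytes } = require('crypto');

class SessionTable {
  constructor(timeoutMs, now = Date.now) {
    this.timeoutMs = timeoutMs;
    this.now = now;             // injectable clock so the timeout path can be tested
    this.sessions = new Map();  // session id -> { windows, lastSeen }
  }

  // Steps 202-206: the first window creates the session with counter = 1;
  // a further window presenting a known id increments the counter.
  open(sessionId) {
    const entry = sessionId && this.sessions.get(sessionId);
    if (entry) {
      entry.windows += 1;
      entry.lastSeen = this.now();
      return sessionId;
    }
    // An unknown id is never adopted; the server always issues its own.
    const id = randomBytes(16).toString('hex');
    this.sessions.set(id, { windows: 1, lastSeen: this.now() });
    return id;
  }

  // Steps 208-222: classify the unload event, then keep or invalidate.
  unload(sessionId, type) {
    const entry = this.sessions.get(sessionId);
    if (!entry) return 'unknown-session';
    if (type === 'refresh') {            // 214: a refresh never ends the session
      entry.lastSeen = this.now();
      return 'kept';
    }
    if (type !== 'close' && type !== 'migrate') return 'ignored';
    if (entry.windows > 1) {             // 216-218: another window still uses it
      entry.windows -= 1;
      return 'kept';
    }
    this.sessions.delete(sessionId);     // 220-222: last window gone, free the session
    return 'invalidated';
  }

  // Timeout fallback: reclaim sessions whose unload request never arrived.
  sweep() {
    let reclaimed = 0;
    for (const [id, e] of this.sessions) {
      if (this.now() - e.lastSeen >= this.timeoutMs) { this.sessions.delete(id); reclaimed += 1; }
    }
    return reclaimed;
  }
}
```

The sweep() path matters because an unload notification is sent by the browser and may never 
reach the server; the timeout remains the only guaranteed way the session ends. 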

The system and method of the present invention also provide increased security 
for secure or private web pages. In ordinary web-based applications, when a user logs 
into a site and then migrates to a new site, the user can activate the "back" button or other 
suitable return means on the browser to return to the site. Such web-based applications 
will not request the user to login again to access the pages. Therefore, if the user were to 
access a secure site, migrate to a new site, and then leave the browser open on the client 
machine, another user could simply activate the back button and return to the secure 
pages. In this invention, if the user were to migrate to another site after accessing such 
secure site, such an action would be an unload event and the session would be terminated 
if no other browser windows were associated with the session. Another user would not 
be able to return to the secure pages by only activating the back button. 

Although the preferred embodiment has been described in detail, it should be understood 
that various changes, substitutions, and alterations can be made therein without departing from 
the spirit and scope of the invention as defined by the appended claims. It will be appreciated 
that various changes in the details, materials and arrangements of parts, which have been herein 
described and illustrated in order to explain the nature of the invention, may be made by those 
skilled in the art within the principle and scope of the invention as will be expressed in the 
appended claims. 